Many people who use SimDesk share your concern about the privacy of their information. In fact, that is often a key reason why they use SimDesk (and one of the reasons I chose to work at SimDesk).
SimDesk takes a lot of pride in developing secure products. One example of that is shown in how we do our file encryption.
By default, all of your files that sit on our World Wide Server are encrypted with 128-bit AES encryption. This encryption is quite a bit stronger than the old DES and Triple-DES used by many other products. Please see question 15 on this FAQ from NIST for more details about the strength of AES - http://csrc.nist.gov/CryptoToolkit/aes/aesfact.html . For the record, our customers have the option of replacing it with something stronger, or even their own algorithm if they prefer. AES is our default because it is a proven algorithm which has undergone quite a bit of testing by people much smarter than I. This is why AES has been certified by NIST to replace DES - http://cio.doe.gov/ITReform/ArchitectureStandards/stds_activity/FIPS197.htm.
Further, the files are actually encrypted on your computer before they are even sent over the internet. This has a nice benefit - your files are stored on the World Wide Server in that same encrypted form. This protects your privacy by making your sensitive information that much more resistant to hackers.
I invite you to read the white paper I wrote about our security at http://www.simdesk.com/thought_leadership/white_papers/pdf/security.pdf . We are always striving to make our products more secure, and we would appreciate any comments or suggestions that you might have.
===============
Mark Radulovich, CISSP, NSA/IAM
Director of Strategic Analysis
SimDesk Technologies, Inc.
Because you still have a single point of failure. Even if your drive had an MTBF of 1 million hours, then on average, every millionth person would lose all of their information the same day they plugged it in.
I don't know about you, but that is not a chance that I want to take.
Personally, I put a big drive in my old PC (a P-350) and use it as a backup to my primary storage. Data is synced to it every week (soon to be every night), and I no longer have to worry about hard drive failures or operating system corruption of the file system (which will still mess up a RAID solution).
I highly recommend using an old computer with a big drive. It is much higher reliability at a minimal cost, and implements the same idea that every Fortune 500 uses - backing up servers (although they usually do it to tape instead of disk).
It already does. Subcontractors are covered under the "Business Associate" definition. The text of the law is located here in PDF format (http://www.hhs.gov/ocr/combinedregtext.pdf).
The law specifically states that any work that a healthcare organization subcontracts out is to be held to the same standard. If the hospital did not ensure that, then they are liable for both civil and criminal damages.
This is actually one of the great things about the law. If an organization tries to escape any clause by subcontracting out the work, they are still liable. In this case, it seems that they did not even have an agreement with the contractors, which would be even larger penalties.
As a final note, the hospital is already liable, because the woman sent patient records to the hospital via email. Unless the email was encrypted and only opened by the doctors giving care to the patients in record, then the hospital is liable. I expect the government will begin an investigation shortly, and the hospital will be fined within a year.
I think this whole GNU/Linux wording problem would simply go away if they just released their own distribution. THEN they can call it GNU Linux (no slash), and I'd probably buy it. (It would be a donation to a good cause.)
I do not like the term GNU/Linux not out of disrespect - on the contrary, the FSF has given much to the world, and for that I am most appreciative. However, I use X, PostgreSQL, Apache, and a number of other tools that use different licenses, and I am NOT about to start calling it GNU/MIT/Qt/Apache/BSD/etc/Linux.
Yes, Linux is a kernel, but what if someone ported the entire BSD system over to Linux - would we then call it BSD Linux? hmmmm.....
I wish Richard Stallman would get over this aspect of naming just because people use GNU tools with Linux. Of course they do - because his mission in life has succeeded beyond all rational conceptions that he could have had 20 years ago.
Furthermore, what if I use KDE? Should I call it KDE/Qt/GNU/Linux?? Where should it end? I would gladly call it the GNU OS, but it isn't - GNU's OS ("the Hurd") is based on Mach, not Linux.
Yes, Richard Stallman has done great things. But he should be happy that he has brought truly "Free" computing to the masses, not worry about branding. His efforts would be much better spent convincing developers to use the GNU license instead of other licenses.
As these things get faster, we'll need a better benchmark. A TERAFLOP??? Come on - can anyone really put into words what this can actually do?
How about running SETI on it for a day (or an hour) and seeing how many units it can crank out? Then we would finally have something comparable to our own lives that we can comprehend.
I doubt that many people know how many M/G/Tflops their own computer is, but many more probably know how long it takes to run a SETI unit.
As a side note, I'm working on a project for my employer to put in a PETAbyte size storage solution. Now I know a petabyte is a million gigabytes, but it's much easier to think of it as seven years of medical images for each of the 30 hospitals we have. :)
If you buy servers from IBM, HP, or Dell (among others), you can just buy support hours - and for a lot less.
Rather than buy the OS for every server, buy the support, and just copy the OS. It's my understanding that this is permitted with RH AW/ES/AS. If you don't need the enterprise version, then don't use it.
This is quite interesting, and should impact SCO considerably. By initiating this action, Red Hat can enter the "discovery" phase, which will allow the lawyers (and developers?) to see ALL of the code that SCO says infringes on their intellectual property.
The end result should be that Red Hat will be able to wipe away the FUD, and get down to the bottom of what SCO really owns. Assuming SCO owns anything, Red Hat can then begin work on removing that code. Also, if Red Hat wins, they will probably get monetary damages, which always helps.
Go Red Hat!
(Now I suppose I should actually buy the distro instead of downloading the ISO's...)
You might want to consider that short selling is often referred to as "going naked" - it's because if you bet wrong, they will take the shirt off of your back, and you will have *nothing*.
Even worse, you can lose everything to a margin call even if you bet right, and the price goes to zero. All the price has to do is rise a bit in the interim, and they will demand collateral to cover it. On a margin account, that collateral does not exist, so they'll sell everything you have to cover the margin. Once the margin is greater than your assets, they buy the stock back, and you get stuck with the bill.
This article is not all that surprising. If you think about how many companies continually choose the cheaper option (whether it is people or building leases), then this makes total sense. In my experience there have been *very* few managers that really understand how to run an IT group. If the financial industry did this, then mutual funds would be run by people right out of school. Instead, they hire smart, *experienced* people to run them, so they don't make stupid mistakes.
Have you ever worked for an IT group that did not make stupid mistakes? I did once, and it was fantastic. Email servers never crashed, and file shares were always available. The network never crashed either - and this was for a Fortune 100 company in 1995!
As I said, IT managers do not understand that it is much, much better to hire experienced people, and put the money into them, than it is to hire several cheap resources on which to build an information infrastructure. Good IT groups put their time, effort, and money into planning, and good planning takes knowledge. Of course, knowledge only comes with experience, not from being a teenager.
(In interest of full disclosure, I am an Architecture Manager for a large company, and I'm 33 years young.)
Poulsen is showing an incredible lack of thought in writing this article.
First, if a person runs a honeypot on their network, a network they control, or a device that they control, then it is not interception of communications. It is _logging_ responses and action taking place _within_ that device, not _intercepting_ communications. There have to be three parties to intercept - the sender, the receiver, and the interceptor.
Second, even if it were interception of communications (which it is not), then not only would all of the system logs in Unix/Windows be illegal, but so would every web server log in the US. Even worse, that caller ID display that you have would also be illegal - it intercepts information to display on your phone.
Finally, if monitoring a honeypot is illegal, then monitoring a hacked server would be as well. So, if your machine were infected by a virus that talked to an IRC channel, then you would be guilty of an illegal interception of communication.
If anyone ever loses a lawsuit because of this, appeal, and also sue your own lawyer for incompetence!!!
Read the source email (http://www.securityfocus.com/archive/119/293431/2002-09-23/2002-09-29/0), and remember that even though Salgado (author of the email) is a legal professional, that half of all lawyers still lose in court (by definition). (In other words, get another opinion - or maybe two or three.)
Salgado does not have a good grasp of this. This can be shown simply. If he were correct, then the phone companies would require a wiretap order to even _view_ their phone logs for any suspected phreaking on their network. Somehow, I doubt that Ma Bell gets a wiretap order to look at their phone logs.
1) Why was there a kissing scene between Neo and the French woman in front of Trinity? Why was there a kissing scene with the Frenchwoman and Neo at all? Hollywood rearing its ugly head I think. There was no reason for this scene. If you took it out, then you did not lose anything of the story. The French woman could have simply shown them the way because her husband was cheating on her. She was angry enough.
2) Why was the Frenchman who wrote the "cake" program saying essentially that humans will continue to perform an action (such as eating the cake) even though they do not know why. If I eat cake and know it is causing me to have an orgasm...then I know WHY I am eating the cake. If I eat the cake and know I am going to die and yet STILL eat the cake, then you've better described the Frenchman's point. Having the orgasm was, it seemed to all that I went to the movie with, that this was yet another scene that Hollywood put in just to put in. No redeeming reason. And it didn't make sense.
3) Why was there a sex scene needed between Neo and Trinity? If it wasn't there, would the movie have been just as good? DEFINITELY. Trinity looks like Neo. It was as if we were watching two men have sex. Again....Hollywood.
I wish we could get back to making movies that are written for the pure sake of telling an intelligent and sophisticated story. Not porn in a Tron movie!
Wait for it on video. However, make sure you see the freeway scene. Fantastic. It was the only scene that made me not want my money back.
A "Scientist" wrote this!?!?!?!? (on Making Change · Score: 5, Insightful)
This article is a complete waste of time. This might be a fun paper for a discussion about coinage, but it fails horribly when taken as practical advice.
The US does not need another coin. Indeed, the *opposite* is true. If you get rid of the penny, you can increase efficiency tremendously, to only 2.75 coins per transaction, and a whopping 45% of transactions would require 2 or fewer coins!
Many people oppose the elimination of the penny, but bear with me for a moment. Consider the following issues:
- Pennies cannot be used in vending machines, and therefore are not as "spendable" as all the other coins.
- Prices will not rise as people think they will; they will fall instead! Everything that is priced at $n.99 will now be $n.95 instead (marketers HATE to price in round dollars because it makes their prices look higher). All other numbers will be rounded to the nearest $n.n5.
- The US government makes 12 billion pennies at a cost of $100 million each year (http://www.retirethepenny.org/), which could be put to better use than filling up my coin jar.
- Half of these pennies will disappear from circulation within a year! (http://www.shepherd-express.com/shepherd/19/41/news_and_views/straight_dope.html)
- Counting out pennies costs the economy an estimated $20 billion in productivity annually (http://www.retirethepenny.org/)
- The U.S. Mint loses $8 million a year manufacturing pennies. (http://www.shepherd-express.com/shepherd/19/41/news_and_views/straight_dope.html)
Think about it - do you *really* want another coin in your pocket? Thank God that politicians don't listen to us all the time!
No - I would add all of the email addresses from which I receive email, including amazon, mailing lists, and so forth. Also, my email server could automatically add the email addresses of anyone that *I* send email to as well.
[One example is Novell Groupwise, which we use at my work. It automatically adds the email addresses of anyone to whom I send email to "My address book". This is completely automated (I'm sure other email programs do this, but I've used Groupwise for so long that I can't remember the others). ]
I do agree with you about accepting email in the first place (it uses disk and network bandwidth), but setting a rule minimizes that issue; I could (depending on my preference) keep the untrusted email indefinitely, delete it immediately, or something in between (like Yahoo! does with "bulk mail").
As for the DNS solution, I thought about that, and had to read through the Tripoli doc twice before I posted my first response. Tripoli will certify *every* email, and that requires an OLTP style architecture, and will therefore not be cacheable. Yes, you could set up 13,000 servers (heck, google already does that), but what I'm more concerned about is this: What does a person gain from using PIT over my suggestion? A little, sure, but very little. In fact, my suggestion covers almost all cases. Better yet, we could use PIT to overlay on my suggestion, and then have another email class - "trusted AND verified". Note that PGP and other products effectively do this already (through PKI), albeit with a clunky interface.
My guess is that hospitals, banks, and legal workers (courts, lawyers, judges, FBI, etc) will be interested in that, but for everyone else, it would not be worth it.
That's the point - the sender address doesn't need to be validated. The odds that a spammer will use a friend of yours' email address to send spam to you is zilch. That is the *only* way spam would get through your filter.
And even if they did, they are breaking laws in every modern (and even some not-so-modern) country.
The internet is organic, and as a result, there will be inefficiencies. But just imagine a ddos attack on the pit servers. *All* email would stop. Not my idea of fun.
Is not to reinvent the protocol. Spammers will disappear if nobody reads their spam (because it will be too ineffective, even at a cheap price).
The better solution is simple - let me rate the "trustworthiness" of the sender who sends me email and sort it appropriately. I can add all my family and friends to the "explicitly trusted" list. Then, the server can allow for an option such as "possibly trusted", which might include all emails from the same domain I'm in, or from domains I specify (e.g. *@mit.edu).
All other email will be tagged as "untrusted". Now, I can set my email browser to color code them, simply ignore them, or set a rule for each category. Yahoo! already does this, showing a smiley face with the emails that come from people in my address book.
This can be done simply, and without rewriting any protocols. Beware people who want to reinvent the wheel to gain profit when there is no need. "Pit certification" is unnecessary, and too costly.
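The three-tier sorting proposed in the comment above, as an added example that is not part of the original comment. The class name, folder names and sample addresses are assumptions; like the proposal, it takes the From header at face value, but it reads the real address rather than the display name and rejects malformed addresses so a pattern such as *@mit.edu cannot be satisfied by a look-alike.

```python
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

EXPLICIT = "explicitly trusted"
POSSIBLE = "possibly trusted"
UNTRUSTED = "untrusted"

# One rule per tier (hypothetical folder names, not from the comment).
RULES = {
    EXPLICIT: "Inbox",
    POSSIBLE: "Inbox/Review",
    UNTRUSTED: "Bulk (purge after 7 days)",
}


class SenderTrust:
    """Sort mail by how much the recipient trusts the sender address."""

    def __init__(self, address_book, domain_patterns):
        # Addresses are compared case-insensitively.
        self.address_book = {a.lower() for a in address_book}
        # Patterns such as "*@mit.edu" for the "possibly trusted" tier.
        self.domain_patterns = [p.lower() for p in domain_patterns]

    def note_outgoing(self, recipient):
        """Auto-add anyone the user writes to, as the comment describes."""
        self.address_book.add(recipient.lower())

    def classify(self, raw_message):
        msg = message_from_string(raw_message)
        # parseaddr separates the display name from the actual address,
        # so a trusted address placed in the display name does not count.
        _, addr = parseaddr(msg.get("From", ""))
        addr = addr.lower()
        if addr.count("@") != 1:
            return UNTRUSTED  # missing or malformed sender
        if addr in self.address_book:
            return EXPLICIT
        if any(fnmatchcase(addr, p) for p in self.domain_patterns):
            return POSSIBLE
        return UNTRUSTED

    def file_message(self, raw_message):
        """Return the folder chosen by the per-tier rule."""
        return RULES[self.classify(raw_message)]


# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Mom <MOM@family.example>\nSubject: dinner\n\nSunday?",
    "From: prof@mit.edu\nSubject: seminar\n\nRoom change.",
    'From: "mom@family.example" <offers@bulk.example>\nSubject: hi\n\nBuy now',
    "From: dean@mit.edu.bulk.example\nSubject: notice\n\nClick here",
    "Subject: no sender at all\n\n...",
]


def demo():
    trust = SenderTrust(["mom@family.example"], ["*@mit.edu"])
    return [trust.classify(m) for m in SAMPLES]


if __name__ == "__main__":
    for message, tier in zip(SAMPLES, demo()):
        print(tier.ljust(20), message.splitlines()[0])
```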
It depends on how much you want to spend. I put in cat5 cable to all the rooms in our townhome that we built 3 years ago. I now have 100Mbit throughput, and it is very nice. Once you do that you may want to add wireless later on. Try it out wired, and then see if you need to spend the extra money for wireless. If you have a laptop, you'll probably want to add it, but run wires if you have the option.
The key part of the system is the computer configuration. I built a server (an old PC with a 60GB harddrive) to store all of my files. All the other computers, including two laptops and three desktops, access it via ssh, vnc, and samba file shares. It is amazing how fast it is, and playing *any* kind of content over a 100Mbit is completely seamless.
I then use home-built PC's with the smallest harddrives I can find to connect the system to the stereo and TV. I use one computer that provides both music and video (it has a DVD-ROM drive), and recommend using a Radeon All In Wonder as the video card. The computer runs well, and I have minimal investment in it.
Since I built enough storage in the server, I do not have to worry about running out of space anytime soon. I even have debated ripping all of my DVDs to DivX and putting them on the server, but that will take more space.
Whenever I get a new CD, I just rip it to .wav files and store it on the server. With harddrive prices so low, I don't even worry about mp3 or other compression, and I get fantastic sound quality as a result. I can always convert the wav files to mp3 for my laptop if I want. If you buy enough space, you even can do both!
One thing I recommend is to get a fast CPU for the computer connected to your stereo, and underclock it. If you use the proper cooling, you can get away without a fan, which really improves the noise level. Of course, this takes a bit of work to get right, or you'll melt down the computer. But at least your data will be safe.
Also, put as much RAM as you can afford into your server. Your server will just cache everything it can for an incredible response time. I have a lowly P400 with 768MB RAM as the server, and it has hardly any load, even though it runs samba, a database, a web server, a proxy server (squid) and an intrusion detection system (snort) on it!
I built everything with the idea that I want it to be modular. When I run out of space on the current server, I will be replacing it with much more capacity. Since I figure that I will run out in a year or so, I anticipate buying an Athlon2000 with 2GB of RAM, and at least a half terabyte of RAM. Then I will just use the old server in my bedroom to watch TV and listen to music. In this way, I reuse everything, and formerly worthless computers become quite helpful.
In college, my professors graded on a curve, as they did in grad school. That being said, when I was an undergrad, I hated it. After some time in the real world, I've learned that life is graded on a curve. When I was in grad school, I liked it. It separated the better people from the average people.
FOR EXAMPLE...
The difference between two lawyers' argument might be trivial, but there is always a first place, and a last place.
The same is true for resumes. The difference between being on the top of the stack and being the second in the stack is a job offer.
If schools graded on a curve, the professors' work would be much easier, more objective, and more appropriate to real life for students. All a professor needs to do is rank order the exams, and apply some shape of bell curve.
Better colleges and universities (not necessarily the same as the name-brand ones) enforce a bell curve by college or department, which all professors must apply.
My favorite professor taught grad school economics, and rank ordered every question individually. There were only 5 questions on a 3-hour test, and ALL the best students were there for at least 2.5 hours, while the worst students left after 30 minutes. When I got my test back, I knew how good my answer was for each question relative to the 100 other grad students.
Interestingly enough, I had a class from him in undergrad. I enjoyed the material, but did not like him or his grading. After a dose of the real world, I came to appreciate his perspective, and became a better student because of it.
Why did you decide to be the advertising face of Priceline.com? Aside from the compensation, what compelled you to work for them instead of any of the other advertising offers that you have received?
Also, would you ever do it (or anything like it) again?
The solution to this is simple - two-factor authentication. Most Americans are already using it every week (and don't even know it) in the form of an ATM card and PIN. You can give away your pin, and as long as your ATM card is not stolen by the person who knows your pin, you are fine. The reverse is also true.
Once this comes to network security, users will even be able to set their pin to "4444" and be reasonably secure (provided that they report when they lose their card so that the security folks can lock out the card, and that the security people lock out the user after 3 incorrect pin entries).
Also note that I'm talking about a simple magnetic stripe card, not a smart card. It can be easily put on the back of your employee badge, so if a user loses it, the sysadmins will know because your front desk won't let them in the building.
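The card-plus-PIN scheme described in the comment above, with its two conditions (lockout after 3 incorrect PIN entries, and locking out a card reported lost), as an added example that is not part of the original comment. The class, card IDs and user names are assumptions; the card is modelled as an opaque ID read from the stripe.

```python
import hashlib
import hmac
import os

MAX_PIN_FAILURES = 3  # lockout threshold named in the comment


class CardPinAuthenticator:
    """Two factors: the card ID (something you have) and the PIN (something you know)."""

    def __init__(self):
        self._cards = {}  # card_id -> enrollment record

    @staticmethod
    def _hash_pin(pin, salt):
        # PINs are stored salted and stretched, never in the clear.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, card_id, user, pin):
        salt = os.urandom(16)
        self._cards[card_id] = {
            "user": user,
            "salt": salt,
            "pin_hash": self._hash_pin(pin, salt),
            "failures": 0,
            "locked": False,
            "revoked": False,
        }

    def report_lost(self, card_id):
        """Security staff lock out a card once its owner reports it missing."""
        if card_id in self._cards:
            self._cards[card_id]["revoked"] = True

    def authenticate(self, card_id, pin):
        rec = self._cards.get(card_id)
        if rec is None:
            return "denied: unknown card"      # a PIN alone is worthless
        if rec["revoked"]:
            return "denied: card reported lost"
        if rec["locked"]:
            return "denied: locked out"
        candidate = self._hash_pin(pin, rec["salt"])
        if hmac.compare_digest(candidate, rec["pin_hash"]):
            rec["failures"] = 0                # success resets the counter
            return "granted: " + rec["user"]
        rec["failures"] += 1
        if rec["failures"] >= MAX_PIN_FAILURES:
            rec["locked"] = True               # stays locked until an admin acts
            return "denied: locked out"
        return "denied: wrong PIN"


def demo():
    """Walk through the cases in the comment with constructed accounts."""
    auth = CardPinAuthenticator()
    auth.enroll("card-0001", "alice", "4444")
    auth.enroll("card-0002", "bob", "9137")
    results = []
    # Both factors present.
    results.append(auth.authenticate("card-0001", "4444"))
    # Someone who learned alice's PIN but holds a different card.
    results.append(auth.authenticate("card-0002", "4444"))
    # Someone holding alice's card and guessing: three tries, then locked,
    # and even the correct PIN no longer works.
    for guess in ("0000", "1234", "1111", "4444"):
        results.append(auth.authenticate("card-0001", guess))
    # Bob reports his card lost; the finder is refused even with the PIN.
    auth.report_lost("card-0002")
    results.append(auth.authenticate("card-0002", "9137"))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With a four-digit PIN, the lockout leaves a card thief 3 guesses out of 10,000 possible values, which is the condition under which the comment calls a PIN like "4444" reasonably secure.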
Interesting point, but I'd question some of the assumptions that you make.
First, you assume that email is the place to make appointments. Try a portal instead - it's generally more secure, and usually has its information stored in a database (unlike Exchange2k, which won't have a SQL backend until one or two versions from now). Also, if you just want a calendar solution, you can get one from iPlanet (http://www.iplanet.com/products/iplanet_calendar/home_calendar.html) or a bunch of other companies (I've personally verified that some of these solutions are more feature rich, more scalable, and cheaper than Exchange.)
Second, many companies are implementing or have implemented web-based file sharing instead of more file servers. Why? Simple - they're scalable, provide better uptime, and can be accessed from anywhere (unlike a file share). Even Microsoft has gotten into the act. Ever heard of sharepoint (http://www.microsoft.com/sharepoint/)? It's a tool for sharing documents via the web, and you can even use Netscape as a client. Of course, there are many other solutions, I just wanted to demonstrate that even Microsoft is moving to a web-based file system.
Third, Active Directory - are you serious? Few large companies have implemented it, and many more companies use Novell NDS (also known as eDirectory) than AD. Also, it's much more powerful than AD, and companies that need to manage large user bases (such as Yahoo) use it.
All that aside, I still agree with one main point - "companywide" was not defined in the article, so we'll have to wait and see what they are really doing. Until then, let's not jump to conclusions about what can or cannot be done.
While I can appreciate the difficulty in measuring productivity and lines of code, the solution for productivity seems to be something along the lines of this:
Productivity = (# of Programs written)/ (# of lines of code * hours worked)
This formula, using a standardized program would show that the most useful programmer is someone who spends one hour on freshmeat to download the program that does exactly what you need. Despite writing ZERO code, this programmer is much more useful than anyone who writes code for even an hour because you won't have to maintain it!
Standard measures use outputs/inputs. Always have, always will (think of cars per hour for Ford - outputs/inputs).
I think Miguel, Redhat, Sun, et al. should seriously consider this for future versions of Gnome. "Why," you might ask?
First, it is VERY fast. No, make that EXTREMELY FAST. For once, my PIII-866 feels like a fast machine. Running Linux or Windows, my computer feels considerably slower. Rox put a smile on my face with that.
Second, this allows people to run multiple versions of applications, just like the mono project is supposed to.
Third, it's easy to configure - it is SIMPLE, but effective. You can copy an application by copying a simple directory. It simplifies the dll hell by making applications self contained. You could even have multiple versions in one directory if you wanted to. (http://rox.sourceforge.net/appdirs.php3 shows a simple example with tgif).
Finally, it works today. Mono is still several months off at the earliest, and requires chasing MS all over the place with regard to changes.
I think the article's author is missing quite a bit in this debate. As a strategist for a Fortune 100 company, I can assure everyone that battles for the marketplace are not as one dimensional, nor as simple as he claims.
For instance (and this is only to illustrate my point, not to say what will happen), the author has not considered what might happen if SUN decides to offer large companies and/or OEMs the ability to load StarOffice for a cheap price. With Microsoft changing their licenses, they are facing a strategic point in time where they become, at least briefly, weaker than normal.
In addition, a bad economic climate has already caused companies to rethink or postpone hardware purchases. Desktop software has almost become pedestrian. Why should a company spend money on a newer version of MS Office that offers features that are used by only a minority of users when they can spend the money on security, or improve cashflow?
Not all companies will follow the same path. Some may deploy StarOffice on Windows, others will do nothing, or possibly upgrade, while others may switch some computers to Linux.
For some reason, people get caught up in the idea that Linux has to win NEXT YEAR in order to not "lose" the desktop. This is not only incorrect, it is ignorant of history. It took Microsoft more than a decade to dominate in the office software category. Expecting Linux to dominate before 2005 is just plain foolish.
The war for the desktop will last a decade, and Linux might win. It is cheap, effective, and an excellent substitute. By contrast, Microsoft now has a product that is more expensive than its previous versions. By all accounts, the economics of the situation state that substitutes (especially good ones) do well under these circumstances. Once StarOffice gets a foothold, the doorway to Linux will not only be unlocked, but it will also be swinging wide open. For someone to claim that this war is lost is just plain silly.
Everyone seems to forget that Sun has a "relationship" with AOL ( Netscape, iPlanet, and so forth ).
Somehow, it seems to me that AOL could EASILY put StarOffice on its AOL CD that it distributes to the entire world (plus the sun, moon, and stars).
Just think - AOL became the biggest internet provider by distributing their disks. It would be foolish to think that they could not become the largest office software distributor in the world simply by including StarOffice on the CD.
Sun would probably even help defray the distribution costs.
Got Backup?
Unfortunately, the latency will kill you.
Go Red Hat!
(Now I suppose I should actually buy the distro instead of downloading the ISO's...)
-Mark
Ouch - this is *not* a good idea.
You might want to consider that short selling is often referred to as "going naked" - it's because if you bet wrong, they will take the shirt off of your back, and you will have *nothing*.
Even worse, you can lose everything to a margin call even if you bet right, and the price goes to zero. All the price has to do is rise a bit in the interim, and they will demand collateral to cover it. On a margin account, that collateral does not exist, so they'll sell everything you have to cover the margin. Once the margin is greater than your assets, they buy the stock back, and you get stuck with the bill.
This is another way of saying "bankruptcy."
This article is not all that surprising. If you think about how many companies continually choose the cheaper option (whether it is people or building leases), then this makes total sense. In my experience there have been *very* few managers that really understand how to run an IT group. If the financial industry did this, then mutual funds would be run by people right out of school. Instead, they hire smart, *experienced* people to run them, so they don't make stupid mistakes.
Have you ever worked for an IT group that did not make stupid mistakes? I did once, and it was fantastic. Email servers never crashed, and file shares were always available. The network never crashed either - and this was for a Fortune 100 company in 1995!
As I said, IT managers do not understand that it is much, much better to hire experienced people, and put the money into them, than it is to hire several cheap resources on which to build an information infrastructure. Good IT groups put their time, effort, and money into planning, and good planning takes knowledge. Of course, knowledge only comes with experience, not from being a teenager.
(In interest of full disclosure, I am an Architecture Manager for a large company, and I'm 33 years young.)
Poulsen is showing an incredible lack of thought in writing this article.
First, if a person runs a honeypot on their network, a network they control, or a device that they control, then it is not interception of communications. It is _logging_ responses and action taking place _within_ that device, not _intercepting_ communications. There have to be three parties to intercept - the sender, the receiver, and the interceptor.
Second, even if it were interception of communications (which it is not), then not only would all of the system logs in Unix/Windows be illegal, but so would every web server log in the US. Even worse, that caller ID display that you have would also be illegal - it intercepts information to display on your phone.
Finally, if monitoring a honeypot is illegal, then monitoring a hacked server would be as well. So, if your machine were infected by a virus that talked to an IRC channel, then you would be guilty of an illegal interception of communication.
If anyone ever loses a lawsuit because of this, appeal, and also sue your own lawyer for incompetence!!!
Read the source email (http://www.securityfocus.com/archive/119/293431/2002-09-23/2002-09-29/0), and remember that even though Salgado (author of the email) is a legal professional, that half of all lawyers still lose in court (by definition). (In other words, get another opinion - or maybe two or three.)
Salgado does not have a good grasp of this. This can be shown simply. If he were correct, then the phone companies would require a wiretap order to even _view_ their phone logs for any suspected phreaking on their network. Somehow, I doubt that Ma Bell gets a wiretap order to look at their phone logs.
Mark Radulovich, CISSP
Items that did not make sense in Matrix Reloaded:
1) Why was there a kissing scene between Neo and the French woman in front of Trinity. Why was there a kissing scene with the Frenchwoman and Neo at all? Hollywood rearing its ugly head I think. There was no reason for this scene. If you took it out, then you did not lose anything of the story. The French woman could have simply shown them the way because her husband was cheating on her. She was angry enough.
2) Why was the Frenchman who wrote the "cake" program saying essentially that humans will continue to perform an action (such as eating the cake) even though they do not know why. If I eat cake and know it is causing me to have an orgasm...then I know WHY I am eating the cake. If I eat the cake and know I am going to die and yet STILL eat the cake, then you've better described the Frenchman's point. Having the orgasm was, it seemed to all that I went to the movie with, that this was yet another scene that Hollywood put in just to put in. No redeeming reason. And it didn't make sense.
3) Why was there a sex scene needed between Neo and Trinity? If it wasn't there, would the movie have been just as good? DEFINITELY. Trinity looks like Neo. It was as if we were watching two men have sex. Again....Hollywood.
I wish we could get back to making movies that are written for the pure sake of telling an intelligent and sophisticated story. Not porn in a Tron movie!
Wait for it on video. However, make sure you see the freeway scene. Fantastic. It was the only scene that made me not want my money back.
This article is a complete waste of time. This might be a fun paper for a discussion about coinage, but it fails horribly when taken as practical advice.
The US does not need another coin. Indeed, the *opposite* is true. If you get rid of the penny, you can increase efficiency tremendously, to only 2.75 coins per transaction, and a whopping 45% of transactions would require 2 or fewer coins!
Many people oppose the elimination of the penny, but bear with me for a moment. Consider the following issues:
- Pennies cannot be used in vending machines, and therefore are not as "spendable" as all the other coins.
- Prices will not rise as people think they will; they will fall instead! Everything that is priced at $n.99 will now be $n.95 instead (marketers HATE to price in round dollars because it makes their prices look higher). All other numbers will be rounded to the nearest $n.n5.
- The US government makes 12 billion pennies at a cost of $100 million each year (http://www.retirethepenny.org/), which could be put to better use than filling up my coin jar.
- Half of these pennies will disappear from circulation within a year! (http://www.shepherd-express.com/shepherd/19/41/news_and_views/straight_dope.html)
- Counting out pennies costs the economy an estimated $20 billion in productivity annually (http://www.retirethepenny.org/)
- The U.S. Mint loses $8 million a year manufacturing pennies. (http://www.shepherd-express.com/shepherd/19/41/news_and_views/straight_dope.html)
Think about it - do you *really* want another coin in your pocket? Thank God that politicians don't listen to us all the time!
-Mark
No - I would add all of the email addresses from which I receive email, including amazon, mailing lists, and so forth. Also, my email server could automatically add the email addresses of anyone that *I* send email to as well.
[One example is Novell Groupwise, which we use at my work. It automatically adds the email addresses of anyone to whom I send email to "My address book". This is completely automated (I'm sure other email programs do this, but I've used Groupwise for so long that I can't remember the others). ]
I do agree with you about accepting email in the first place (it uses disk and network bandwidth), but setting a rule minimizes that issue; I could (depending on my preference) keep the untrusted email indefinitely, delete it immediately, or something in between (like Yahoo! does with "bulk mail").
As for the DNS solution, I thought about that, and had to read through the Tripoli doc twice before I posted my first response. Tripoli will certify *every* email, and that requires an OLTP style architecture, and will therefore not be cacheable. Yes, you could set up 13,000 servers (heck, google already does that), but what I'm more concerned about is this: What does a person gain from using PIT over my suggestion? A little, sure, but very little. In fact, my suggestion covers almost all cases. Better yet, we could use PIT to overlay on my suggestion, and then have another email class - "trusted AND verified". Note that PGP and other products effectively do this already (through PKI), albeit with a clunky interface.
My guess is that hospitals, banks, and legal workers (courts, lawyers, judges, FBI, etc) will be interested in that, but for everyone else, it would not be worth it.
-Mark
That's the point - the sender address doesn't need to be validated. The odds that a spammer will use a friend of yours' email address to send spam to you is zilch. That is the *only* way spam would get through your filter.
And even if they did, they are breaking laws in every modern (and even some not-so-modern) country.
The internet is organic, and as a result, there will be inefficiencies. But just imagine a DDoS attack on the pit servers. *All* email would stop. Not my idea of fun.
-Mark
Is not to reinvent the protocol. Spammers will disappear if nobody reads their spam (because it will be too ineffective, even at a cheap price).
The better solution is simple - let me rate the "trustworthiness" of the sender who sends me email and sort it appropriately. I can add all my family and friends to the "explicitly trusted" list. Then, the server can allow for an option such as "possibly trusted", which might include all emails from the same domain I'm in, or from domains I specify (e.g. *@mit.edu).
All other email will be tagged as "untrusted". Now, I can set my email browser to color code them, simply ignore them, or set a rule for each category. Yahoo! already does this, showing a smiley face with the emails that come from people in my address book.
This can be done simply, and without rewriting any protocols. Beware people who want to reinvent the wheel to gain profit when there is no need. "Pit certification" is unnecessary, and too costly.
-Mark Radulovich, CISSP
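The three-tier sorting proposed in this comment, together with the automatic address-book additions described in the reply further up, can be sketched as follows. This is an added example, not code from the original comments or from any mail product; the class and function names, the sample addresses and the inbox are constructed for illustration, and the From header is taken at face value as the comment proposes.

```python
from email.utils import getaddresses, parseaddr
from fnmatch import fnmatchcase

TRUSTED, POSSIBLY, UNTRUSTED = "explicitly trusted", "possibly trusted", "untrusted"
TIER_ORDER = {TRUSTED: 0, POSSIBLY: 1, UNTRUSTED: 2}


def normalize(address):
    """Lower-case an address; return None unless it looks like local@domain."""
    address = address.strip().lower()
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain or "@" in local:
        return None
    return address


class SenderTrust:
    """Hypothetical per-user trust list: address book plus wildcard patterns."""

    def __init__(self, address_book=(), domain_patterns=()):
        self.explicit = {a for a in map(normalize, address_book) if a}
        self.patterns = [p.strip().lower() for p in domain_patterns]

    def note_outgoing(self, to_header):
        """Auto-add everyone the user writes to, as the address book does."""
        for _name, addr in getaddresses([to_header]):
            addr = normalize(addr)
            if addr:
                self.explicit.add(addr)

    def classify(self, from_header):
        # Only the address inside <...> counts; the display name is free text
        # and may itself contain a trusted-looking address.
        _display, addr = parseaddr(from_header)
        addr = normalize(addr)
        if addr is None:
            return UNTRUSTED
        if addr in self.explicit:
            return TRUSTED
        # fnmatchcase matches the whole string, so "*@mit.edu" does not
        # match "eve@mit.edu.bulk.example".
        if any(fnmatchcase(addr, p) for p in self.patterns):
            return POSSIBLY
        return UNTRUSTED

    def sort_inbox(self, messages):
        """Stable sort: trusted first, untrusted last, arrival order kept."""
        return sorted(messages, key=lambda m: TIER_ORDER[self.classify(m["From"])])


# Constructed sample inbox (not real mail).
SAMPLE_INBOX = [
    {"From": "Deals <offers@bulk.example>", "Subject": "deals"},
    {"From": "Alice <Alice@MIT.EDU>", "Subject": "problem set"},
    {"From": '"mom@family.example" <promo@bulk.example>', "Subject": "spoofed name"},
    {"From": "Mom <mom@family.example>", "Subject": "dinner"},
    {"From": "orders@shop.example", "Subject": "receipt"},
    {"From": "eve@mit.edu.bulk.example", "Subject": "lookalike"},
]

if __name__ == "__main__":
    trust = SenderTrust(["mom@family.example"], ["*@mit.edu"])
    trust.note_outgoing("Shop <orders@shop.example>")
    for msg in trust.sort_inbox(SAMPLE_INBOX):
        print(f'{trust.classify(msg["From"]):18} {msg["Subject"]}')
```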
It depends on how much you want to spend. I put in cat5 cable to all the rooms in our townhome that we built 3 years ago. I now have 100Mbit throughput, and it is very nice. Once you do that you may want to add wireless later on. Try it out wired, and then see if you need to spend the extra money for wireless. If you have a laptop, you'll probably want to add it, but run wires if you have the option.
The key part of the system is the computer configuration. I built a server (an old PC with a 60GB harddrive) to store all of my files. All the other computers, including two laptops and three desktops, access it via ssh, vnc, and samba file shares. It is amazing how fast it is, and playing *any* kind of content over a 100Mbit is completely seamless.
I then use home-built PC's with the smallest harddrives I can find to connect the system to the stereo and TV. I use one computer that provides both music and video (it has a DVD-ROM drive), and recommend using a Radeon All In Wonder as the video card. The computer runs well, and I have minimal investment in it.
Since I built enough storage in the server, I do not have to worry about running out of space anytime soon. I even have debated ripping all of my DVDs to DivX and putting them on the server, but that will take more space.
Whenever I get a new CD, I just rip it to .wav files and store it on the server. With harddrive prices so low, I don't even worry about mp3 or other compression, and I get fantastic sound quality as a result. I can always convert the wav files to mp3 for my laptop if I want. If you buy enough space, you even can do both!
One thing I recommend is to get a fast CPU for the computer connected to your stereo, and underclock it. If you use the proper cooling, you can get away without a fan, which really improves the noise level. Of course, this takes a bit of work to get right, or you'll melt down the computer. But at least your data will be safe.
Also, put as much RAM as you can afford into your server. Your server will just cache everything it can for an incredible response time. I have a lowly P400 with 768MB RAM as the server, and it has hardly any load, even though it runs samba, a database, a web server, a proxy server (squid) and an intrusion detection system (snort) on it!
I built everything with the idea that I want it to be modular. When I run out of space on the current server, I will be replacing it with much more capacity. Since I figure that I will run out in a year or so, I anticipate buying an Athlon2000 with 2GB of RAM, and at least a half terabyte of RAM. Then I will just use the old server in my bedroom to watch TV and listen to music. In this way, I reuse everything, and formerly worthless computers become quite helpful.
-Mark
...COMPLETELY
In college, my professors graded on a curve, as they did in grad school. That being said, when I was an undergrad, I hated it. After some time in the real world, I've learned that life is graded on a curve. When I was in grad school, I liked it. It separated the better people from the average people.
FOR EXAMPLE...
The difference between two lawyers' argument might be trivial, but there is always a first place, and a last place.
The same is true for resumes. The difference between being on the top of the stack and being the second in the stack is a job offer.
If schools graded on a curve, the professors' work would be much easier, more objective, and more appropriate to real life for students. All a professor needs to do is rank order the exams, and apply some shape of bell curve.
Better colleges and universities (not necessarily the same as the name-brand ones) enforce a bell curve by college or department, which all professors must apply.
My favorite professor taught grad school economics, and rank ordered every question individually. There were only 5 questions on a 3-hour test, and ALL the best students were there for at least 2.5 hours, while the worst students left after 30 minutes. When I got my test back, I knew how good my answer was for each question relative to the 100 other grad students.
Interestingly enough, I had a class from him in undergrad. I enjoyed the material, but did not like him or his grading. After a dose of the real world, I came to appreciate his perspective, and became a better student because of it.
-Mark
Mr. Shatner,
Why did you decide to be the advertising face of Priceline.com? Aside from the compensation, what compelled you to work for them instead of any of the other advertising offers that you have received?
Also, would you ever do it (or anything like it) again?
Thanks,
-Mark Radulovich
The solution to this is simple - two-factor authentication. Most Americans are already using it every week (and don't even know it) in the form of an ATM card and PIN. You can give away your pin, and as long as your ATM card is not stolen by the person who knows your pin, you are fine. The reverse is also true.
Once this comes to network security, users will even be able to set their pin to "4444" and be reasonably secure (provided that they report when they lose their card so that the security folks can lock out the card, and that the security people lock out the user after 3 incorrect pin entries).
Also note that I'm talking about a simple magnetic stripe card, not a smart card. It can be easily put on the back of your employee badge, so if a user loses it, the sysadmins will know because your front desk won't let them in the building.
Enjoy,
-Mark Radulovich, CISSP
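The card-plus-PIN scheme in this comment, with its two provisos (lock the card when it is reported lost, lock the user after 3 incorrect PIN entries), can be sketched like this. It is an added example, not code from the original comment or from any badge system; the class name, card identifiers and result strings are hypothetical, and the PIN is stored as a salted PBKDF2 hash as an assumption of this sketch.

```python
import hashlib
import hmac
import os

MAX_PIN_FAILURES = 3      # lockout threshold named in the comment
PBKDF2_ROUNDS = 100_000   # assumption of this sketch, not from the comment


def _pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class BadgeLogin:
    """Two factors: the badge's stripe ID (have) and a PIN (know)."""

    def __init__(self):
        self.accounts = {}          # user -> card, salt, pin hash, counters
        self.revoked_cards = set()  # cards reported lost

    def enroll(self, user, card_id, pin):
        salt = os.urandom(16)
        self.accounts[user] = {"card": card_id, "salt": salt,
                               "pin": _pin_hash(pin, salt),
                               "failures": 0, "locked": False}

    def report_lost(self, card_id):
        self.revoked_cards.add(card_id)

    def unlock(self, user):
        self.accounts[user].update(failures=0, locked=False)

    def login(self, user, card_id, pin):
        """Return a reason code for the audit log; show users one message."""
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"
        if card_id in self.revoked_cards:
            return "revoked"        # a lost card is useless even with the PIN
        if acct["locked"]:
            return "locked"         # stays locked even if the PIN is now right
        if not hmac.compare_digest(card_id.encode(), acct["card"].encode()):
            # Knowing the PIN without holding the card gets nothing. This is
            # not counted as a PIN failure, so a person without the card
            # cannot lock the owner out.
            return "denied"
        if hmac.compare_digest(_pin_hash(pin, acct["salt"]), acct["pin"]):
            acct["failures"] = 0
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= MAX_PIN_FAILURES:
            acct["locked"] = True
            return "locked"
        return "denied"


if __name__ == "__main__":
    auth = BadgeLogin()
    auth.enroll("mark", "CARD-0001", "4444")   # constructed sample values
    print(auth.login("mark", "CARD-0001", "4444"))          # card and PIN
    print(auth.login("mark", "CARD-9999", "4444"))          # PIN, wrong card
    for guess in ("0000", "1234", "1111", "4444"):          # card, PIN guessing
        print(guess, auth.login("mark", "CARD-0001", guess))
```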
Interesting point, but I'd question some of the assumptions that you make.
First, you assume that email is the place to make appointments. Try a portal instead - it's generally more secure, and usually has its information stored in a database (unlike Exchange2k, which won't have a SQL backend until one or two versions from now). Also, if you just want a calendar solution, you can get one from iPlanet (http://www.iplanet.com/products/iplanet_calendar/home_calendar.html) or a bunch of other companies (I've personally verified that some of these solutions are more feature rich, more scalable, and cheaper than Exchange.)
Second, many companies are implementing or have implemented web-based file sharing instead of more file servers. Why? Simple - they're scalable, provide better uptime, and can be accessed from anywhere (unlike a file share). Even Microsoft has gotten into the act. Ever heard of sharepoint (http://www.microsoft.com/sharepoint/)? It's a tool for sharing documents via the web, and you can even use Netscape as a client. Of course, there are many other solutions, I just wanted to demonstrate that even Microsoft is moving to a web-based file system.
Third, Active Directory - are you serious? Few large companies have implemented it, and many more companies use Novell NDS (also known as eDirectory) than AD. Also, it's much more powerful than AD, and companies that need to manage large user bases (such as Yahoo) use it.
All that aside, I still agree with one main point - "companywide" was not defined in the article, so we'll have to wait and see what they are really doing. Until then, let's not jump to conclusions about what can or cannot be done.
Regards,
-Mark
While I can appreciate the difficulty in measuring productivity and lines of code, the solution for productivity seems to be something along the lines of this:
Productivity = (# of Programs written)/ (# of lines of code * hours worked)
This formula, using a standardized program would show that the most useful programmer is someone who spends one hour on freshmeat to download the program that does exactly what you need. Despite writing ZERO code, this programmer is much more useful than anyone who writes code for even an hour because you won't have to maintain it!
Standard measures use outputs/inputs. Always have, always will (think of cars per hour for Ford - outputs/inputs).
Regards.
-Mark
I think Miguel, Redhat, Sun, et al. should seriously consider this for future versions of Gnome. "Why," you might ask?
First, it is VERY fast. No, make that EXTREMELY FAST. For once, my PIII-866 feels like a fast machine. Running Linux or Windows, my computer feels considerably slower. Rox put a smile on my face with that.
Second, this allows people to run multiple versions of applications, just like the mono project is supposed to.
Third, it's easy to configure - it is SIMPLE, but effective. You can copy an application by copying a simple directory. It simplifies the dll hell by making applications self contained. You could even have multiple versions in one directory if you wanted to. (http://rox.sourceforge.net/appdirs.php3 shows a simple example with tgif).
Finally, it works today. Mono is still several months off at the earliest, and requires chasing MS all over the place with regard to changes.
I think the article's author is missing quite a bit in this debate. As a strategist for a Fortune 100 company, I can assure everyone that battles for the marketplace are not as one dimensional, nor as simple as he claims.
For instance (and this is only to illustrate my point, not to say what will happen), the author has not considered what might happen if SUN decides to offer large companies and/or OEMs the ability to load StarOffice for a cheap price. With Microsoft changing their licenses, they are facing a strategic point in time where they become, at least briefly, weaker than normal.
In addition, a bad economic climate has already caused companies to rethink or postpone hardware purchases. Desktop software has almost become pedestrian. Why should a company spend money on a newer version of MS Office that offers features that are used by only a minority of users when they can spend the money on security, or improve cashflow?
Not all companies will follow the same path. Some may deploy StarOffice on Windows, others will do nothing, or possibly upgrade, while others may switch some computers to Linux.
For some reason, people get caught up in the idea that Linux has to win NEXT YEAR in order to not "lose" the desktop. This is not only incorrect, it is ignorant of history. It took Microsoft more than a decade to dominate in the office software category. Expecting Linux to dominate before 2005 is just plain foolish.
The war for the desktop will last a decade, and Linux might win. It is cheap, effective, and an excellent substitute. By contrast, Microsoft now has a product that is more expensive than its previous versions. By all accounts, the economics of the situation state that substitutes (especially good ones) do well under these circumstances. Once StarOffice gets a foothold, the doorway to Linux will not only be unlocked, but it will also be swinging wide open. For someone to claim that this war is lost is just plain silly.
Everyone seems to forget that Sun has a "relationship" with AOL ( Netscape, iPlanet, and so forth ).
Somehow, it seems to me that AOL could EASILY put StarOffice on its AOL CD that it distributes to the entire world (plus the sun, moon, and stars).
Just think - AOL became the biggest internet provider by distributing their disks. It would be foolish to think that they could not become the largest office software distributor in the world simply by including StarOffice on the CD.
Sun would probably even help defray the distribution costs.
Just my $0.02 worth....